Cyberattack crashes Knox County Election Commission website

Knox County officials say the election commission website that displays election results crashed on Tuesday night — when tallying of local primary election results was underway — due to a “deliberate” and “widespread” cyberattack, reports the News Sentinel. A cyber security contractor is now looking into the problem.

Officials described the cyberattack as a distributed denial-of-service attack, which is an attempt to disable an online service by overloading it with computer traffic that comes — or appears to come — from many sources.

The cyberattack had no effect on vote tallies. It only prevented officials from displaying election results to the public through the Knox County Election Commission’s website, according to Richard Moran, the IT director for the county.

The website went down about 8 p.m. Tuesday after the county’s computers crashed from a massive amount of traffic that appeared to be coming from “many, many servers all over the country and all over the world,” Moran said.

Moran, who said he’s worked in IT for 40 years, said the county has seen similar denial-of-service attacks before. “But never on election night,” he said.

—

Press release from Knox County mayor’s office

Knoxville, Tenn. (May 2, 2018) — Knox County Mayor Tim Burchett today called for a cyber-security contractor to look into the Tuesday night server crash that shut down the County’s website just as polls closed on election night.

“Although the crash did not affect the vote tallies or the integrity of the election, this is not something that should happen,” Mayor Burchett said. “I want to know what happened, and I think an independent review will help to determine that so we can move forward and work to prevent similar issues in the future.”

Starting today, Sword & Shield Enterprise Security, a Knox County-based IT security firm, will conduct a root cause analysis to determine the exact nature of the County server’s shut down.

In a report provided by Knox County’s Information Technology Department, IT Director Dick Moran wrote that a preliminary review “noted that extremely heavy and abnormal network traffic was originating from numerous IP addresses associated with numerous geographic locations, both internal and external to this country. Based on my experience, this was highly suggestive of a (denial of service) attack.”